<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
  <title>Boost.Locale security notice</title>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <link rel="icon" href="/favicon.ico" type="image/ico" />
  <link rel="stylesheet" type="text/css" href="/style-v2/section-boost.css" />

  <!--[if IE 7]> <style type="text/css"> body { behavior: url(/style-v2/csshover3.htc); } </style> <![endif]-->
</head>
<!-- Don't edit this page! It's generated by site-tools/site-tools.py -->
<body>
  <div id="heading">
    <!--#include virtual="/common/heading.html" -->  </div>

  <div id="body">
    <div id="body-inner">
      <div id="content">
        <div class="section" id="intro">
          <div class="section-0">
            <div class="section-title">
              <h1>Boost.Locale security notice</h1>
            </div>

            <div class="section-body">
              <h2><span class=
              "news-title">Boost.Locale security notice</span></h2>

              <p><span class=news-date">February 1st, 2013 10:08 GMT</span></p>


              <div class="news-description">
                <div class="description">


  <p>
    Boost.Locale library in Boost 1.48 to 1.52 including has a security flaw.
  </p>
  <p>
    <code><span class="identifier">boost</span><span class="special">::</span><span class="identifier">locale</span><span class="special">::</span><span class="identifier">utf</span><span class="special">::</span><span class="identifier">utf_traits</span></code>
    accepted some invalid UTF-8 sequences.
  </p>
  <p>
    Applications that used these functions for UTF-8 input validation could expose
    themselves to security threats as invalid UTF-8 sequece would be considered as
    valid.
  </p>
  <p>
    This bug is fixed in upcoming Boost 1.53.
  </p>
  <p>
    For more details see: <a href="https://svn.boost.org/trac/boost/ticket/7743">#7743</a>
  </p>
  <p>
    Users who can't upgrade to the latest versions may apply the following patch
    to fix the problem.
  </p>
  <p>
    <a href="http://cppcms.com/files/locale/boost_locale_utf.patch">http://cppcms.com/files/locale/boost_locale_utf.patch</a>
  </p>
</div>
              </div>
            </div>
          </div>
        </div>
      </div>

      <div id="sidebar">
        <!--#include virtual="/common/sidebar-common.html" --><!--#include virtual="/common/sidebar-boost.html" -->      </div>

      <div class="clear"></div>
    </div>
  </div>

  <div id="footer">
    <div id="footer-left">
      <div id="copyright">
        <p>Copyright Rene Rivera 2006-2007.</p>
      </div><!--#include virtual="/common/footer-license.html" -->    </div>

    <div id="footer-right">
      <!--#include virtual="/common/footer-banners.html" -->    </div>

    <div class="clear"></div>
  </div>
</body>
</html>
